PT-2014-2895 · Symantec · Symantec Protection Center Small Business Edition+1
Stefan Viehbock
·
Published
2014-02-14
·
Updated
2014-03-26
·
CVE-2013-5014
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Symantec Endpoint Protection Manager versions 11.0 through 11.0.7405.1424
Symantec Endpoint Protection Manager versions 12.1 through 12.1.4023.4080
Symantec Protection Center Small Business Edition versions 12.x through 12.1.4023.4080
Description
The issue allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. This occurs in the management console of the affected software.
Recommendations
For Symantec Endpoint Protection Manager versions 11.0 through 11.0.7405.1424, update to version 11.0.7405.1424 or later.
For Symantec Endpoint Protection Manager versions 12.1 through 12.1.4023.4080, update to version 12.1.4023.4080 or later.
For Symantec Protection Center Small Business Edition versions 12.x through 12.1.4023.4080, update to version 12.1.4023.4080 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Symantec Endpoint Protection Manager
Symantec Protection Center Small Business Edition